lsign produces exportable signatures when used for self-sigs

Peter Lebbing peter at digitalbrains.com
Fri Sep 13 15:49:28 CEST 2013


On 2013-09-13 14:24, Nicholas Cole wrote:
> The correct way would be to have keyservers
> honour the no-modify flag, or perhaps have some notation on the ID
> that prevents uploading to a public keyserver.  I myself would favour 
> the latter approach.

The latter has the same problem as the no-modify flag: it can be 
subverted by someone as long as the keyservers do not do crypto.

HTH,

Peter.

PS: I accidentally replied to Nicholas only. Using a different client 
than usually.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 
<http://digitalbrains.com/2012/openpgp-key-peter>



More information about the Gnupg-users mailing list